NPCI (UPI) and payments players are rolling out biometric authentication — including face recognition and device biometrics — as an option to approve UPI and card transactions. The change is live or being rolled out from early to mid October 2025, with initial transaction caps and safeguards in place.
What’s actually changing
- You’ll be able to authorize UPI & certain payments using on-device biometrics (fingerprint/face) or Aadhaar-based face auth — instead of entering a UPI PIN or waiting for OTPs.
- Initial per-transaction cap for biometric approvals is small (about ₹5,000) while NPCI/banks monitor risk — limits may be revised later.
- This is being introduced as an additional authentication option — PIN/OTP will still exist as fallbacks.
Why this is useful
- Faster checkout — no OTP delays, no typing PINs.
- More inclusive — easier for elderly or disabled users who struggle with typing OTPs.
- Device-level security — uses the phone’s secure biometric module (TEE/secure enclave), which keeps the biometric match on the device, plus vendor verification of the device.
Risks & what to watch for
- Privacy & consent: Aadhaar-based face auth ties to government biometric databases — users must explicitly consent. Know what you’re opting into.
- Biometric theft is permanent: Unlike a PIN, you can’t change your face or fingerprint. Ensure apps use liveness checks and secure storage.
- Rollout limits: Initially capped amounts (≈₹5k) and certain merchant categories only — don’t assume unlimited use yet.
- App & bank policy differences: Even if NPCI allows it, your bank/UPI app must implement it — rollout will be staggered.
How it will work (user flow)
- Your UPI app / bank prompts you to enrol for biometric auth (consent + device verification).
- At checkout, choose “Pay using face/fingerprint”. Your device performs an on-device biometric scan and, on a successful match, produces a cryptographically signed approval for that transaction.
- If the device biometric fails or exceeds limits, the app falls back to UPI PIN / OTP.
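The flow above, as an added illustration rather than NPCI’s, any bank’s or any app’s code: the checkout gate (consent, the ₹5,000 cap, merchant category), the device’s signed approval bound to one transaction, and the fall back to PIN/OTP when the biometric fails or policy disallows it. It stands in an HMAC keyed on a per-device secret for the asymmetric signature a real TEE-held key would produce, so it needs only Python’s standard library; the merchant-category allowlist and the approval validity window are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

BIOMETRIC_CAP_INR = 5000                    # initial per-transaction cap described in the post
BIOMETRIC_MCC_ALLOWLIST = {"5411", "5812"}  # constructed sample merchant categories
APPROVAL_MAX_AGE_S = 120                    # assumption: how long a signed approval stays valid


class EnrolledDevice:
    """Bank-side record created at enrolment (consent + device verification)."""
    def __init__(self, device_key: bytes, consented: bool):
        self.device_key = device_key   # stands in for the public key of a TEE-held keypair
        self.consented = consented
        self.used_nonces = set()       # replay protection: approvals already spent


def biometric_allowed(dev: EnrolledDevice, txn: dict) -> bool:
    """Checkout gate: only offer 'Pay using face/fingerprint' when policy permits it."""
    return (dev.consented
            and txn["amount_inr"] <= BIOMETRIC_CAP_INR
            and txn["mcc"] in BIOMETRIC_MCC_ALLOWLIST)


def device_approve(device_key: bytes, txn: dict, biometric_matched: bool):
    """Device side: after a successful on-device match, sign the exact transaction
    (amount, payee, nonce, timestamp). Returns None when the match fails."""
    if not biometric_matched:
        return None
    payload = json.dumps(txn, sort_keys=True).encode()
    return hmac.new(device_key, payload, hashlib.sha256).hexdigest()


def verify_approval(dev: EnrolledDevice, txn: dict, approval, now=None) -> str:
    """Bank side: accept only a fresh, unused approval bound to this transaction;
    anything that is missing or outside policy goes back to the PIN/OTP path."""
    now = time.time() if now is None else now
    if approval is None or not biometric_allowed(dev, txn):
        return "FALLBACK_PIN_OTP"
    if abs(now - txn["ts"]) > APPROVAL_MAX_AGE_S:
        return "REJECT_STALE"
    if txn["nonce"] in dev.used_nonces:
        return "REJECT_REPLAY"
    expected = device_approve(dev.device_key, txn, True)
    if not hmac.compare_digest(expected, approval):
        return "REJECT_BAD_SIGNATURE"
    dev.used_nonces.add(txn["nonce"])
    return "APPROVED_BIOMETRIC"
```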
Biometric approvals are the next logical step for faster, more frictionless payments — but treat them like any big tech change: try with small amounts first, read the consent screens, and keep traditional PIN/OTP enabled as a backup. This is convenient — and powerful — so treat it as you would any sensitive credential.